CVE-2018-9243
N/A
N/A
Summary
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://gitlab.com/gitlab-org/gitlab-ce/issues/42028
- https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
References
- https://gitlab.com/gitlab-org/gitlab-ce/issues/42028
- https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.